Customer trust – the only protection from cyber-attacks?
Posted on 27th September 2018 by Robert McLeod
With the recent news of the ICO’s £500k fine for Equifax over the 2017 data breach, the realities of cyber security are hitting home. As the attack was pre-GDPR, some commentators are suggesting Equifax got off lightly for a cyber-attack that affected 44% of the US population, nearly 146m consumers.
But for a company with 88m business customers worldwide, the compliance fines were only half of the story. Equifax’s stock price – a valuation strongly connected to customer confidence – dropped 13.7% on the first day of trading after the data breach was announced, and likely forced the exit of two senior information and security officers at Equifax in the weeks following.
The real threat to businesses is not legal and regulatory requirements, but the most powerful stakeholders of them all: customers.
Compliance, Control, and Culture
The ubiquity of data and its connection to the internet means we live in a world of present risk. That data can be illegally accessed is no longer a question. The real question is what you have in place to ensure you are covered against such eventualities.
Compliance is the low bar. If your business isn’t compliant, it is not only a simple matter of time before a hacker chances their hand – they will succeed, and more will come. The media fall-out and customer backlash from a series of hacks could be enough to bring a company crashing down.
Pre- and post-breach plans are rarely in place. Systemically, failures do not occur due to tech or code, which is easy to blame when explaining to a board who have a lesser understanding of the technicalities. People are the real point of failure – it is people who write the code, and run the processes.
The only way to be assured your business is protected from the fallout of cyber-attacks is to create a culture that understands, owns, and actively promotes the importance of cyber safety. By putting the compliance and controls in the hands of people who inherently understand the risks, and care about the business outcomes, you will create the foundations of solid customer trust and understanding when the inevitable happens.
Cyber-security providers need to be an extension of their customers’ culture too, embedding it not just in the technical systems but in the profile of the business, leaving behind an indelible mark that promotes trust.
Establishing trust and reputation
So how do you prove to your customers you have gone above and beyond the basic requirements, and can be trusted not just now, but in the long run? If it’s your share price you really need to worry about, a solid reputation is critical post-attack, but if you wait until after the attack has occurred it’s already too late.
Preparing thousand-page crisis-management playbooks isn’t the answer. Only an appraisal of what is important to your customers will give you the information on which to build communications campaigns which create trust and response processes which align with customer expectations.
The best preparation is to promote your business as critical to your customers’ businesses, evidenced through clearly added value, while positioning your company as one which is resilient enough to successfully overcome these modern technological challenges. By talking to your customers first, you will align their needs with their expectations of how you handle their data and how they would expect you to respond.
You need your customers on your side in advance to avoid their harsh scrutiny. Start by creating a unified image and culture that, when called on to respond, does so in an authentic way.